The widespread use of computer systems, especially within networked computing environments, has created many different classes of computer users and has created a need for access control systems to govern how users can access such computer systems. As an example, consider a local area network (LAN) computing environment such as a corporate computer network, commonly referred to as an intranet. The intranet may include various computing systems such as intranet file servers, intranet web-servers, departmental computer systems, database servers, and so forth. Each computing system allows users and/or software programs to create and maintain directories, files, databases, or the like within data storage systems such as one or more disk drives coupled to the computing systems. The storage systems may contain varying amounts and types of data. Various users may control and access the different computing systems at different times of the day or night.
In such a computing environment, access control is an important aspect of system design and provides controlled access to files or other resources within the computing systems. Most conventional computing systems operate using an operating system that provides certain basic access control mechanisms. Using such conventional access control mechanisms, a computer systems manager or administrator (a person responsible for maintaining the computer systems) can configure, for example, an operating system such as Unix in a computer system to control how that computer system allows users to access various directories and files maintained under control of the operating system.
In an operating system such as Unix, access control is frequently provided via access control lists (ACLs) and/or by file and directory permission settings. ACLs are lists of users with associated permissions (e.g., read, write) that a systems manager can create and associate with a file and/or a directory in a filesystem. For instance, an ACL might list all users for a file that have read access to the file, write access to the file, and execute access to the file. When a user requests access to a particular file, the operating system checks the ACL associated with that file to determine if the user requesting access is listed for the type of access that is requested (e.g., read, write or execute). If the user is listed for the requested access, the operating system allows the requested access. Otherwise, a protection violation occurs and the operating system denies user access as requested.
Permission settings provide a condensed version of access control as compared to ACLs. In permission settings within the Unix operating system, for example, there are three classifications of computer system users: “users”, “groups” and everyone else who is considered, for access control purposes, in a “world” classification. The operating system associates an owner with each file (or directory). The owner is the “user” who creates or originates creation of that file. In addition, the user may belong to a “group” of users who share the file and who each need similar access to the file. All other users who attempt to access the file are in the general “world” classification. The operating system can also associate a set of permissions with each file or directory which specify, for each of the three user classifications (user, group, world), any read “r”, write “w”, and/or execute “x” privileges for that respective classification of users. The Unix operating system maintains the appropriate permission for each user classification as a collection of bits. In a single set of permissions for a file or directory, there are three fields (one for user, one for group and one for world) of three bits each (one for read, one for write and one for execute). The operating system might express such a set of permissions as “rwx,rwx,rwx” where the first “rwx” represents the permissions to that file or directory for a specific user identity, the second “rwx” represents the permissions to that file or directory for a group identity, and the third “rwx” represents the permissions to that file or directory for all other users.
For a particular file or directory, the user (i.e., the owner of that file or directory) or a systems manager can set each “r” “w” or “x” bit for each of the three user classifications to a value of one (“1”) if access for that user classification is allowed for that desired access operation (read, write or execute), or to zero (“0”) if access for that user classification is not allowed for the desired access operation. In this manner, the operating system requires nine bits per file or directory to record protection and access control information.
When a user logs onto a computer system running an operating system such as Unix, the operating system provides a unique pre-assigned numerical user identification number (uid or user identity) and group identification number (gid or group identity) to that user. Generally, programs subsequently created by that user inherit that user's user and group identities. When such a program is executed as a process which attempts access to a certain file or directory, the operating system uses the user and group identities associated with the process to perform access control checks using the ACL and/or permission settings associated with files and/or directories.
As a specific example, a permission setting for a file of “110,100,000” allows the Unix operating system to grant read and write access to the user and user processes having the user identity (i.e., the user or owner) associated with that file, but disallows execute access. In this example, the operating system might deny execute access since the file might be data rather than an executable program. This permission setting allows the operating system to grant read access to users and user processes that have a group identity that is the same as the group identity associated with the file, but disallows write or execute access for users or user processes that have group identities within the group associated with the file. Finally, this permission setting disallows read, write and execute access to all other users or user processes within the computer system which attempt to access the file in any manner. This example set of permissions thus provides a rather secure level of access to the file since the operating system provides only the user who owns the file (or user processes created by that user) the ability to read and write to the file, and only members of the group associated with the file (or processes that they create) are provided with read-only access to the file.
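The check described above can be modelled in a few lines. The following Python is an added example, not part of the original text: `FileMeta`, `parse_bits`, `symbolic` and `access_allowed` are hypothetical names, and the uid/gid values are constructed. It goes slightly beyond the text by applying the standard Unix rule that exactly one classification is selected (owner first, then group, then world); superuser override and ACLs are not modelled.

```python
import stat
from dataclasses import dataclass

PERM_BITS = {"r": 4, "w": 2, "x": 1}

@dataclass(frozen=True)
class FileMeta:            # hypothetical stand-in for a file's stored metadata
    owner_uid: int
    group_gid: int
    mode: int              # the nine permission bits, e.g. 0o640

def parse_bits(text):
    """Convert the 'uuu,ggg,www' notation (e.g. '110,100,000') to an integer mode."""
    fields = text.split(",")
    if len(fields) != 3 or any(len(f) != 3 or set(f) - {"0", "1"} for f in fields):
        raise ValueError(f"expected three 3-bit fields, got {text!r}")
    return int("".join(fields), 2)

def symbolic(mode):
    """Render the nine bits the way `ls -l` does, e.g. 'rw-r-----'."""
    return stat.filemode(stat.S_IFREG | mode)[1:]

def access_allowed(meta, uid, gids, want):
    """Return True if a process with `uid` and group set `gids` may perform `want`.

    `want` is any combination of 'r', 'w', 'x'. Exactly one classification is
    selected: owner first, then group, then world.
    """
    if uid == meta.owner_uid:
        shift = 6          # user field
    elif meta.group_gid in gids:
        shift = 3          # group field
    else:
        shift = 0          # world field
    granted = (meta.mode >> shift) & 0o7
    needed = 0
    for op in set(want):
        needed |= PERM_BITS[op]
    return (granted & needed) == needed

if __name__ == "__main__":
    # Constructed sample: uid 1000 owns the file, group 50 shares it.
    f = FileMeta(owner_uid=1000, group_gid=50, mode=parse_bits("110,100,000"))
    print(symbolic(f.mode))
    for who, uid, gids in [("owner", 1000, {50}), ("group", 1001, {50}), ("world", 1002, {60})]:
        print(who, {op: access_allowed(f, uid, gids, op) for op in "rwx"})
```

Because only one classification is consulted, a setting such as “000,100,000” denies read access to the owner even when the owner is also a member of the file's group.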
While not specifically related to the access control mechanisms explained above, certain software applications use rule processing techniques to direct data to various locations. As an example, Microsoft Outlook email processing software, manufactured by Microsoft Corporation of Redmond, Wash., provides an email client program that can use rule processing to direct the placement of email messages within a user's various mailbox folders. A rule mechanism is provided to allow a user to establish rules that can, for instance, select an incoming email message, based on a source address, and deposit that message into a specific mailbox folder. Rule applicability can be conditioned on things such as specific words that might appear in an email message, or on destination or source email addresses. A user may also specify exceptions that define criteria for not applying a rule to routing of email messages. Rules in this system can also specify an action to be taken on the email message, such as, for example, deleting the email, and can specify that processing of other rules is to stop once the rule is complete.